3 Replies Latest reply on Mar 6, 2012 9:22 AM by spyhunter99

    How to secure WSDL file access

    sudhirjha
    sudhirjha Mar 5, 2012 5:48 AM

      Hello Everybody,

       

      I don't know how to secure access of my published WSDL file from other than intended recipient.

       

      I tried some thing like this in web.xml file:

       

       

          <security-constraint>

              <display-name>Sudhir Access</display-name>

              <web-resource-collection>

                  <web-resource-name><Java file which had web method></web-resource-name>

                  <description>path of wsdl</description>

                  <url-pattern>/*</url-pattern> <!--- do i need to give physically complete path(through which we access the WSDL)-->

                  <http-method>POST</http-method>

                  <http-method>TRACE</http-method>

                  <http-method>DELETE</http-method>

              </web-resource-collection>

              <auth-constraint>

                  <description/>

                  <role-name>sudhir</role-name>

              </auth-constraint>

              <user-data-constraint>

                  <description/>

                  <transport-guarantee>CONFIDENTIAL</transport-guarantee>

              </user-data-constraint>

          </security-constraint>

          <login-config>

              <auth-method>BASIC</auth-method>

              <realm-name>sudhi</realm-name>

          </login-config>

          <security-role>

              <description>Admin</description>

              <role-name>sudhir</role-name>

          </security-role>

      </web-app>

       

      I had developed web service using Jboss developer studio and jboss server

      Please share your ideas to do the same.

       

       

      Thanks & Regards,

      Sudhir Jha

        • 1. Re: How to secure WSDL file access
          spyhunter99
          spyhunter99 Mar 5, 2012 7:36 AM (in response to sudhirjha)

          well your confige requires http basic for all users to the war which presumable contains the web service. How is this not acomplishing your goals?

           

          In mine, i have the service implementation mapped as a servlet. The servlet mapping is something like /service. And the url pattern is  /service

           

          typically, in jax-ws, the handler chain does NOT fire off when a wsdl is request via http get

           

          in axis 1.x, and wcf it does and you can do something custom there

            • Actions
          • 2. Re: How to secure WSDL file access
            sudhirjha
            sudhirjha Mar 5, 2012 11:46 PM (in response to spyhunter99)

            Hello Spyhunter99,

             

             

            Thanks for your great suggestion.

            Can you share the servlet here which you had mapped for your web service.

              • Actions
            • 3. Re: How to secure WSDL file access
              spyhunter99
              spyhunter99 Mar 6, 2012 9:22 AM (in response to sudhirjha)

              In at least jbossws, the @WebService annonation eventually boils down to a servlet. Just use your class that implements the web service and it should fire up.

                • Actions